[Pkg-mediawiki-devel] Bug#750527: mediawiki: Javascript inject by anonymous users on private wikis with $wgRawHtml enabled

Salvatore Bonaccorso carnil at debian.org
Wed Jun 11 16:42:55 UTC 2014

Source: mediawiki
Source-Version: 1:1.19.16+dfsg-1

On Wed, Jun 04, 2014 at 09:59:39AM +0300, Henri Salo wrote:
> Package: mediawiki
> Version: 1:1.19.15+dfsg-2
> Severity: normal
> Tags: security, fixed-upstream
> Needs wgRawHTML enabled so this may not be easy to exploit and might not be
> affected by default.
> Details of the issue: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
> CVE request: http://www.openwall.com/lists/oss-security/2014/06/03/7

This was fixed with the recent mediawiki 1:1.19.16+dfsg-1 upload to


More information about the Pkg-mediawiki-devel mailing list